From dbcd371b46a16a81a9975b57a11b61bbc2ba81e4 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Tue, 9 Apr 2013 05:47:42 -0300 Subject: [PATCH] [media] rc: ene_ir: fix potential double free in ene_probe() Since rc_unregister_device() frees its argument, the subsequently call to rc_free_device() on the same variable will cause a double free bug. Fix by set argument to NULL, thus when fall through to rc_free_device(), nothing will be done there. Signed-off-by: Wei Yongjun Signed-off-by: Mauro Carvalho Chehab --- drivers/media/rc/ene_ir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/rc/ene_ir.c b/drivers/media/rc/ene_ir.c index ee6c984cade2..ed184f68c17c 100644 --- a/drivers/media/rc/ene_ir.c +++ b/drivers/media/rc/ene_ir.c @@ -1098,6 +1098,7 @@ static int ene_probe(struct pnp_dev *pnp_dev, const struct pnp_device_id *id) release_region(dev->hw_io, ENE_IO_SIZE); exit_unregister_device: rc_unregister_device(rdev); + rdev = NULL; exit_free_dev_rdev: rc_free_device(rdev); kfree(dev);
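Review bot: the added `rdev = NULL;` under `exit_unregister_device:` is correct only because the fall-through `rc_free_device(rdev)` is expected to do nothing for a NULL argument, as the commit message says, and nothing at the label records that dependency. A one-line comment above the assignment, noting that rc_unregister_device() has already freed rdev, would stop a later cleanup from dropping the assignment as redundant or reordering the labels and bringing the double free back. It is also worth confirming that no other error path jumps to `exit_free_dev_rdev:` after the device has been unregistered, since only the path through `exit_unregister_device:` clears the pointer.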